package org.apache.brooklyn.container.location.docker;

import com.google.common.base.Optional;
import com.google.common.base.Preconditions;
import com.google.common.collect.ImmutableList;
import com.google.common.collect.ImmutableMap;
import com.google.common.collect.Lists;
import java.lang.reflect.Method;
import java.util.Iterator;
import java.util.List;
import java.util.Map;
import org.apache.brooklyn.api.location.MachineLocation;
import org.apache.brooklyn.core.test.BrooklynAppLiveTestSupport;
import org.apache.brooklyn.location.jclouds.BasicJcloudsLocationCustomizer;
import org.apache.brooklyn.location.jclouds.JcloudsLocation;
import org.apache.brooklyn.location.jclouds.JcloudsLocationConfig;
import org.apache.brooklyn.location.jclouds.JcloudsSshMachineLocation;
import org.apache.brooklyn.util.collections.MutableMap;
import org.apache.brooklyn.util.os.Os;
import org.jclouds.compute.ComputeService;
import org.jclouds.compute.domain.Image;
import org.jclouds.compute.domain.OsFamily;
import org.jclouds.compute.options.TemplateOptions;
import org.jclouds.docker.compute.options.DockerTemplateOptions;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.testng.Assert;
import org.testng.annotations.AfterMethod;
import org.testng.annotations.BeforeMethod;
import org.testng.annotations.Test;

/* loaded from: input_file:org/apache/brooklyn/container/location/docker/DockerJcloudsLocationLiveTest.class */
public class DockerJcloudsLocationLiveTest extends BrooklynAppLiveTestSupport {
    private static final Logger LOG = LoggerFactory.getLogger(DockerJcloudsLocationLiveTest.class);
    private static final String SWARM_ENDPOINT = System.getProperty("test.brooklyn-container-service.docker.swarmEndpoint", "https://10.104.0.162:3376/");
    private static final String IDENTITY_FILE_PATH = System.getProperty("test.brooklyn-container-service.docker.identity", Os.tidyPath("~/.docker/.certs/cert.pem"));
    private static final String CREDENTIAL_FILE_PATH = System.getProperty("test.brooklyn-container-service.docker.credential", Os.tidyPath("~/.docker/.certs/key.pem"));
    private static final String SWARM_NETWORK_NAME = System.getProperty("test.brooklyn-container-service.docker.networkName", Os.tidyPath("brooklyn"));
    protected DockerJcloudsLocation loc;
    protected List<MachineLocation> machines;
    protected DockerTemplateOptions templateOptions;

    @BeforeMethod(alwaysRun = true)
    public void setUp() throws Exception {
        super.setUp();
        this.machines = Lists.newCopyOnWriteArrayList();
    }

    @AfterMethod(alwaysRun = true)
    public void tearDown() throws Exception {
        for (MachineLocation machineLocation : this.machines) {
            try {
                this.loc.release(machineLocation);
            } catch (Exception e) {
                LOG.error("Error releasing machine " + machineLocation + " in location " + this.loc, e);
            }
        }
        super.tearDown();
    }

    protected DockerJcloudsLocation newDockerLocation(Map<String, ?> map) throws Exception {
        BasicJcloudsLocationCustomizer basicJcloudsLocationCustomizer = new BasicJcloudsLocationCustomizer() { // from class: org.apache.brooklyn.container.location.docker.DockerJcloudsLocationLiveTest.1
            public void customize(JcloudsLocation jcloudsLocation, ComputeService computeService, TemplateOptions templateOptions) {
                DockerJcloudsLocationLiveTest.this.templateOptions = (DockerTemplateOptions) templateOptions;
            }
        };
        Map map2 = (Map) map.get(JcloudsLocation.TEMPLATE_OPTIONS.getName());
        return this.mgmt.getLocationRegistry().getLocationManaged("docker", MutableMap.builder().put("identity", IDENTITY_FILE_PATH).put("credential", CREDENTIAL_FILE_PATH).put("endpoint", SWARM_ENDPOINT).put("tags", ImmutableList.of(getClass().getName())).put(JcloudsLocation.WAIT_FOR_SSHABLE.getName(), false).put(JcloudsLocation.JCLOUDS_LOCATION_CUSTOMIZERS.getName(), ImmutableList.of(basicJcloudsLocationCustomizer)).putAll(map).put(JcloudsLocation.TEMPLATE_OPTIONS.getName(), MutableMap.builder().put("networkMode", SWARM_NETWORK_NAME).putAll(map2 != null ? map2 : ImmutableMap.of()).build()).build());
    }

    private JcloudsSshMachineLocation newDockerMachine(DockerJcloudsLocation dockerJcloudsLocation, Map<?, ?> map) throws Exception {
        JcloudsSshMachineLocation obtain = dockerJcloudsLocation.obtain(map);
        this.machines.add(obtain);
        return obtain;
    }

    @Test(groups = {"Live", "Live-sanity"})
    public void testDefaultImageHasAutoGeneratedCredentials() throws Exception {
        this.loc = newDockerLocation(ImmutableMap.of());
        assertMachineSshableSecureAndFromImage(newDockerMachine(this.loc, ImmutableMap.of(JcloudsLocation.WAIT_FOR_SSHABLE.getName(), "1m")), "brooklyncentral/centos:7");
    }

    @Test(groups = {"Live", "Live-sanity"})
    public void testExplicitCredentialsNotOverwritten() throws Exception {
        this.loc = newDockerLocation(ImmutableMap.of());
        Assert.assertEquals(((Image) getOptionalImage(newDockerMachine(this.loc, MutableMap.of(JcloudsLocationConfig.LOGIN_USER, "myuser", JcloudsLocationConfig.LOGIN_USER_PASSWORD, "mypassword"))).get()).getDescription(), "brooklyncentral/centos:7");
        Assert.assertEquals(this.templateOptions.getLoginUser(), "myuser");
        Assert.assertEquals(this.templateOptions.getLoginPassword(), "mypassword");
        Assert.assertEquals(this.templateOptions.getLoginPassword(), "mypassword");
        assertEnvNotContainsKey(this.templateOptions, "BROOKLYN_ROOT_PASSWORD");
    }

    @Test(groups = {"Live", "Live-sanity"})
    public void testExplicitImageIdNotOverwritten() throws Exception {
        this.loc = newDockerLocation(ImmutableMap.of());
        Assert.assertEquals(((Image) getOptionalImage(newDockerMachine(this.loc, MutableMap.of(JcloudsLocation.IMAGE_ID, "sha256:2fa927b5cdd31cdec0027ff4f45ef4343795c7a2d19a9af4f32425132a222330", JcloudsLocation.TEMPLATE_OPTIONS, ImmutableMap.of("entrypoint", ImmutableList.of("/bin/sleep", "1000"))))).get()).getId(), "sha256:2fa927b5cdd31cdec0027ff4f45ef4343795c7a2d19a9af4f32425132a222330");
    }

    @Test(groups = {"Live", "Live-sanity"})
    public void testMatchingImageDescriptionHasAutoGeneratedCredentials() throws Exception {
        this.loc = newDockerLocation(ImmutableMap.of());
        JcloudsSshMachineLocation newDockerMachine = newDockerMachine(this.loc, ImmutableMap.of(JcloudsLocation.IMAGE_DESCRIPTION_REGEX.getName(), "brooklyncentral/centos:7", JcloudsLocation.WAIT_FOR_SSHABLE.getName(), "1m"));
        Assert.assertTrue(newDockerMachine.isSshable(), "machine=" + newDockerMachine);
    }

    @Test(groups = {"Live", "Live-sanity"})
    public void testMatchingOsFamilyCentosHasAutoGeneratedCredentials() throws Exception {
        this.loc = newDockerLocation(ImmutableMap.of());
        assertMachineSshableSecureAndFromImage(newDockerMachine(this.loc, ImmutableMap.of(JcloudsLocation.OS_FAMILY.getName(), OsFamily.CENTOS, JcloudsLocation.OS_VERSION_REGEX.getName(), "7.*", JcloudsLocation.WAIT_FOR_SSHABLE.getName(), "1m")), "brooklyncentral/centos:7");
    }

    @Test(groups = {"Live", "Live-sanity"})
    public void testMatchingOsFamilyUbuntu14HasAutoGeneratedCredentials() throws Exception {
        this.loc = newDockerLocation(ImmutableMap.of());
        assertMachineSshableSecureAndFromImage(newDockerMachine(this.loc, ImmutableMap.of(JcloudsLocation.OS_FAMILY.getName(), OsFamily.UBUNTU, JcloudsLocation.OS_VERSION_REGEX.getName(), "14.04.*", JcloudsLocation.WAIT_FOR_SSHABLE.getName(), "1m")), "brooklyncentral/ubuntu:14.04");
    }

    @Test(groups = {"Live", "Live-sanity"})
    public void testMatchingOsFamilyUbuntu16HasAutoGeneratedCredentials() throws Exception {
        this.loc = newDockerLocation(ImmutableMap.of());
        assertMachineSshableSecureAndFromImage(newDockerMachine(this.loc, ImmutableMap.of(JcloudsLocation.OS_FAMILY.getName(), OsFamily.UBUNTU, JcloudsLocation.OS_VERSION_REGEX.getName(), "16.04.*", JcloudsLocation.WAIT_FOR_SSHABLE.getName(), "1m")), "brooklyncentral/ubuntu:16.04");
    }

    @Test(groups = {"Live", "Live-sanity"})
    public void testMatchingOsFamilyConfiguredOnLocationHasAutoGeneratedCredentials() throws Exception {
        this.loc = newDockerLocation(ImmutableMap.of(JcloudsLocation.OS_FAMILY.getName(), OsFamily.UBUNTU, JcloudsLocation.OS_VERSION_REGEX.getName(), "16.04.*", JcloudsLocation.WAIT_FOR_SSHABLE.getName(), "1m"));
        assertMachineSshableSecureAndFromImage(newDockerMachine(this.loc, ImmutableMap.of()), "brooklyncentral/ubuntu:16.04");
    }

    protected void assertMachineSshableSecureAndFromImage(JcloudsSshMachineLocation jcloudsSshMachineLocation, String str) throws Exception {
        Assert.assertEquals(((Image) getOptionalImage(jcloudsSshMachineLocation).get()).getDescription(), str);
        Assert.assertEquals(this.templateOptions.getLoginUser(), "root");
        assertEnvContainsKeyValue(this.templateOptions, "BROOKLYN_ROOT_PASSWORD", this.templateOptions.getLoginPassword());
        assertPasswordIsSecure(this.templateOptions.getLoginPassword());
        Assert.assertTrue(jcloudsSshMachineLocation.isSshable(), "machine=" + jcloudsSshMachineLocation);
    }

    protected void assertEnvNotContainsKey(DockerTemplateOptions dockerTemplateOptions, String str) {
        List env = dockerTemplateOptions.getEnv();
        if (env == null) {
            return;
        }
        Iterator it = env.iterator();
        while (it.hasNext()) {
            if (((String) it.next()).startsWith(str + "=")) {
                Assert.fail("has key " + str + "; env=" + env);
            }
        }
    }

    protected void assertEnvContainsKeyValue(DockerTemplateOptions dockerTemplateOptions, String str, String str2) {
        String str3 = str + "=" + str2;
        List env = dockerTemplateOptions.getEnv();
        if (env == null) {
            Assert.fail("env is null; does not contain " + str3);
        }
        if (env.contains(str3)) {
            return;
        }
        Assert.fail("env does not contain " + str3 + "; env=" + env);
    }

    protected void assertPasswordIsSecure(String str) {
        if (!str.matches(".*[0-9].*")) {
            Assert.fail("Password '" + str + "' does not contain a digit");
        }
        if (!str.matches(".*[A-Z].*")) {
            Assert.fail("Password '" + str + "' does not contain an upper-case letter");
        }
        if (str.trim().length() < 7) {
            Assert.fail("Password '" + str + "' is too short");
        }
        LOG.debug("Password '" + str + "' passes basic security check");
    }

    protected Optional<Image> getOptionalImage(JcloudsSshMachineLocation jcloudsSshMachineLocation) throws Exception {
        Method declaredMethod = jcloudsSshMachineLocation.getClass().getDeclaredMethod("getOptionalImage", new Class[0]);
        declaredMethod.setAccessible(true);
        return (Optional) Preconditions.checkNotNull((Optional) declaredMethod.invoke(jcloudsSshMachineLocation, new Object[0]), "null must not be returned by getOptionalImage, for %s", jcloudsSshMachineLocation);
    }
}
